It's gonna be quite short: I studied OSCP like crazy then I registered for the GIAC Certified Penetration Tester exam. I tried the first practice exam (it comes with two, like all GIAC exams) just to see where I was. I got 79% without studying! So I went on and read about US, Canadian and UK laws, look at the most popular hacking tools in Windows (Cain and the others), tried a few "pass the hash" attacks. Two weeks after, I wrote the exam and got 89% !!!

Ok, I am not braging right now. I was just astonished that by doing the OSCP course, I would be ready for GPEN in less than 3 weeks with minimal study. And the GPEN exam was in no way easy, but when you have manually done multiple times 85% of the content of GPEN, you are off for a good start!!

So I am happy because I know I am not a complete waste!! But I am also happy that I didn't have to pay almost $5000 for the SANS course to get ready for GPEN. Although I would have love to take it, my budget is happy I didn't...

So the next one will be CISSP, just to help me get contracts and learn more about "the other stuff" that we, pen testers, don't have to deal with everyday. I will tackle OSCP again next year...

I noticed today on the SANS website that they're offering a free certification attempt for any current C|EH holder that takes the course. It seems like they're marketing the GPEN pretty heavily, so it will hopefully be a big cert in the future...

Congrats on passing the GPEN. As time goes on, you will see there is a huge amount of overlap in most certifications. *sigh* Personal *I* don't know what to study for anymore. This GREM is throwing a wrench in my wheels. My GREM via VLive begins Jan 17th or so which means, I have one month of downtime Me and boreDumb don't mix. I wanted to do the CREA in the meantime, but I'd have to wait like 2-3 weeks for material, purchase orders to be signed, etc., which would place me doing dual studies: GREM and CREA.

Anyway, aside from this, I'm at serious odds of what to do as a whole. My options: Focus heavily on forensics and take the ACE (Access Data) + EnCE certs... But I don't want to be bound into a vendor cert. I could opt to take the GFCA once I'm done with with the GREM and that would make me highly focused on forensics which I find interesting, but boring and at times political.

I *could* go back and focus on labs by getting back into CCIE studies, but that would be long, frustrating and isolate me into a Cisco only world. Same goes for JNC*anything even though I see more Juniper than I care to.

I could go for the OCSE, but I don't feel like it would suit me from a financial perspective. While the OSCP was fun, the reality is, its not as known as others. I could also opt for the OPSA/OPST exams, but then I'd have to wait until ISECOM brought their training back this way. So... Forensics, Pentesting, Networking... I guess I could knock the RHCE or SCSA out of the way who knows. Where the heck is dynamik when I need a swift kicking.

In the meantime, I'm still awaiting the results of my thesis for the RWSP. I wonder if I should take the class a step further and social engineer my results into a positive one

30 days for the RHCE is plenty if you're familiar with Linux which I'm sure you are. You can get access to their labs set up pretty much exactly like the test environment for $250/week. I used it and was moderately happy with the purchase. It was slow as hell 'cause they used a java applet to give you access to the machines. Anyway...they just released RHEL 6, so I'd wait until the cert is out for RHEL 6. It will keep you from having so quickly.